Cisco WebEx Meetings Server Authentication Bypass Vulnerability

A vulnerability in the play/modules of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to be granted authenticated administrator access.

The vulnerability is due to an exposed application programming interface (API). An attacker could exploit this vulnerability by sending crafted URL requests to a vulnerable device.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit the vulnerability, the attacker may need access to trusted or internal networks to transmit crafted data to the targeted system. This access requirement could limit the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.